543244 – Microsoft Purview: Insider Risk Management-New quick policies to detect data theft from Microsoft Fabric & non-Microsoft 365 data sources

Product:

Fabric, Purview, Purview Communication Compliance, Purview compliance portal, Purview Insider Risk Management

Platform:

Web, World tenant

Status:

In development

Change type:

Links:

Details:

We are adding to Insider Risk Management a pre-configured quick policy template to detect data theft from Microsoft Fabric and non-Microsoft 365 data sources like Box, Dropbox, Google Drive, Azure and Amazon Web Services (AWS). This will enable admins to create scenario-specific policies, with little configurations needed, to get started faster. All scenario based quick policies can be found in the Policies page > Create Policies. Additional tuning post deployment to meet individual alert volume needs can be expected. Microsoft Purview Insider Risk Management correlates various signals to identify potential malicious or inadvertent insider risks, such as IP theft, data leakage, and security violations. Insider Risk Management enables customers to create policies based on their own internal policies, governance, and organizational requirements. Built with privacy by design, users are pseudonymized by default, and role-based access controls and audit logs are in place to help ensure user-level privacy.

Change Category:
XXXXXXX ... free basic plan only

Scope:
XXXXXXX ... free basic plan only

Release Phase:
General Availability, Preview

Created:
2025-12-20

updated:
2025-12-20

Public Preview Start Date

XXXXXXX ... free basic plan only

Docu to Check

XXXXXXX ... free basic plan only

MS workload name

XXXXXXX ... free basic plan only

summary for non-techies**

XXXXXXX ... free basic plan only

Direct effects for Operations**

Data Leakage Risk
Without proper preparation, the implementation of quick policies may lead to false positives, causing unnecessary alerts and investigations, which can disrupt workflows and lead to user frustration.
   - roles: IT Admin, Compliance Officer
   - references: https://www.microsoft.com/en-us/security/blog/2021/06/15/insider-risk-management-in-microsoft-365/, https://techcommunity.microsoft.com/t5/security-compliance-identity/insider-risk-management-in-microsoft-365/ba-p/1951230

User Privacy Concerns
The deployment of new monitoring policies without adequate communication may raise privacy concerns among users, leading to decreased trust in the organization and potential pushback against compliance measures.
   - roles: End User, HR Manager
   - references: https://www.microsoft.com/en-us/security/blog/2021/06/15/insider-risk-management-in-microsoft-365/, https://www.forbes.com/sites/bernardmarr/2021/06/21/how-to-manage-insider-threats-in-your-organization/?sh=5c1c1c1e4c3e

Configutation Options**

XXXXXXX ... paid membership only

IT Security**

XXXXXXX ... paid membership only

explanation for non-techies**

Microsoft has introduced a new feature in its Purview Insider Risk Management tool that aims to help organizations detect potential data theft from both Microsoft and non-Microsoft platforms. Think of it like setting up security cameras around your office, but instead of just watching the physical space, these "cameras" are keeping an eye on digital activities across various platforms like Microsoft Fabric, Box, Dropbox, Google Drive, Azure, and AWS.

The new feature comes with a pre-configured quick policy template. Imagine this as a ready-to-use security system that you can install without needing to customize every detail. It allows administrators to quickly set up monitoring for specific scenarios, much like choosing a pre-set mode on a camera that automatically adjusts settings for different lighting conditions. This makes it easier and faster to start protecting your data.

Once these policies are in place, they can be fine-tuned to suit the specific needs of your organization, similar to adjusting the focus on a camera to get a clearer picture. The system works by analyzing various signals to identify potential risks, such as unauthorized data access or sharing, much like how a security guard might notice unusual behavior in a building.

Privacy is a key consideration in this system. Users' identities are masked by default, akin to blurring faces in a security video to protect privacy. Access to this information is controlled based on roles, ensuring that only authorized personnel can view sensitive data, much like how only certain staff might have keys to a secure area.

In summary, this new feature in Microsoft Purview is designed to help organizations quickly and effectively monitor for insider risks across a range of digital platforms, while also respecting user privacy.